Basic Steps To Secure Network Infrastructure
Securing your network infrastructure is a process, not a task. It is
something that, once started, does not end. You must remain constantly
vigilant to the threats against your network and continuously undertake
actions to prevent any compromises. Because of the scale of the
undertaking, hardening your network infrastructure is not an endeavor
you should undertake lightly.
Depending on the size and complexity of your environment, you might
spend weeks or even months planning before you make any changes. At the
same time, if you are looking at how to harden your network, you
probably recognize that you have security issues that need to be
addressed, even if you aren’t sure exactly what those issues are or how
to fix them. This can put you in a bind in that you may have issues
that really need to be addressed immediately, before the full-scale
hardening process begins.
So what are some things you should do immediately, right now, without
any hesitation? I’m glad you asked. In this guide, we will look at six
things you should do right now, before you do anything else.
There are many tasks you can perform as part of the systematic
hardening process. These are all generally big-ticket items—for
example, hardening your routers and switches or implementing DMZs and
perimeter network devices. These tasks take time, sometimes months from
the initial planning and design phase to the implementation. Although
all these tasks are necessary, you should undertake six tasks, in
particular, before you do anything else on your network. I consider
these six tasks to be the biggest impact undertakings you should
evaluate. At the same time, I don’t want to mislead you into thinking,
“OK, if I do these six things, I am probably pretty safe.” You aren’t.
However, what you will have is an excellent foundation from which to
start the systematic hardening process of your network infrastructure.
This foundation consists of the following elements
- Review your network design
- If you don’t know what your network design looks like, how your
devices are interconnected, how the data flows in your enterprise, you
will never be able to successfully protect your network. The first step
to hardening your network is to understand it.
- Implement a firewall
- If you don’t have a firewall, stop reading this guide right now and
go buy or build one and implement it on your network. I’m deadly
serious here. Implementing a firewall has the most impact of any task
you can perform for hardening your network infrastructure because it
allows you to define a perimeter.
- Implement access control lists (ACLs)
- You should be restricting and controlling all traffic entering and
exiting your network from the outside world. At the same time, you
should be restricting traffic between internal network segments. If
there isn’t a business justification for the traffic, block it. You
should be filtering traffic with ACLs not only on your external
firewalls and routers, but on your internal firewalls and routers as
- Turn off unnecessary features and services -
Although traditionally the realm of servers and applications,
unnecessary services equally plague your network infrastructure
devices. If you don’t have a reason to be running a particular service
on your network equipment, don’t do it.
- Implement virus protection
- Today’s worms and viruses, though directed at applications and